
87 matches found

NVD
added 2026/03/16 9:16 p.m., 2 views

CVE-2026-2454

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to handle incorrectly reported array lengths, which allows a malicious user to cause OOM errors and crash the server by sending corrupted msgpack frames within websocket messages to the Calls plugin. Mattermost Advisory ID:...

CVSS 8.6, EPSS 0.00127
Exploits: 0, References: 1

OSV
added 2026/03/16 9:16 p.m., 0 views

CVE-2026-2454

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to handle incorrectly reported array lengths, which allows a malicious user to cause OOM errors and crash the server by sending corrupted msgpack frames within websocket messages to the Calls plugin. Mattermost Advisory ID:...

CVSS 8.6, AI score 5.9
Exploits: 0, References: 1

OSV
added 2026/03/16 8:27 p.m., 3 views

GO-2026-4513 Denial of service in github.com/shamaton/msgpack

The msgpack decoder fails to properly validate the input buffer length when processing truncated fixext data format codes 0xd4-0xd8. This can lead to an out-of-bounds read and a runtime panic, allowing a denial of service attack...

CVSS 7.5, AI score 6, EPSS 0.00085
Exploits: 1, References: 2

Snyk
added 2026/03/16 8:27 p.m., 2 views

Out-of-bounds Read

Overview: Affected versions of this package are vulnerable to Out-of-bounds Read via the Unmarshal, UnmarshalAsMap, UnmarshalAsArray, and Marshal functions, which invoke Decode. An attacker can cause a panic with truncated fixext data that triggers an out-of-bounds read. Note: This vulnerability i...

CVSS 8.7, AI score 7.1, EPSS 0.00367
Exploits: 2, References: 3

Cvelist
added 2026/03/16 8:10 p.m., 20 views

CVE-2026-2454 DoS in Calls plugin via malformed msgpack in websocket request.

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to handle incorrectly reported array lengths, which allows a malicious user to cause OOM errors and crash the server by sending corrupted msgpack frames within websocket messages to the Calls plugin. Mattermost Advisory ID:...

CVSS 5.8, EPSS 0.00127
Exploits: 0, References: 1

Positive Technologies
added 2026/03/16 12:0 a.m., 1 view

PT-2026-28435

Name of the Vulnerable Software and Affected Versions: msgpack (affected versions not specified). Description: The msgpack decoder does not correctly validate the input buffer length when processing truncated fixext data format codes 0xd4-0xd8. This can result in an out-of-bounds read and a runtime...

AI score 6, EPSS 0.00085
Exploits: 1, References: 6

Positive Technologies
added 2026/03/16 12:0 a.m., 2 views

PT-2026-25809

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to handle incorrectly reported array lengths, which allows a malicious user to cause OOM errors and crash the server by sending corrupted msgpack frames within websocket messages to the Calls plugin. Mattermost Advisory ID:...

CVSS 5.8, AI score 5.8, EPSS 0.00127
Exploits: 0, References: 2

Github Security Blog
added 2026/03/05 8:19 p.m., 8 views

LangGraph checkpoint loading has unsafe msgpack deserialization

LangGraph checkpointers can load msgpack-encoded checkpoints that reconstruct Python objects during deserialization. If an attacker can modify checkpoint data in the backing store (for example, after a database compromise or other privileged write access to the persistence layer), they can...

CVSS 7.2, AI score 6.3, EPSS 0.00332
Exploits: 0, References: 3, Affected Software: 1

OSV
added 2026/03/05 8:19 p.m., 0 views

GHSA-G48C-2WQR-H844 LangGraph checkpoint loading has unsafe msgpack deserialization

LangGraph checkpointers can load msgpack-encoded checkpoints that reconstruct Python objects during deserialization. If an attacker can modify checkpoint data in the backing store (for example, after a database compromise or other privileged write access to the persistence layer), they can...

CVSS 6.8, AI score 6.4, EPSS 0.00332
Exploits: 0, References: 3

NVD
added 2026/03/05 8:16 p.m., 2 views

CVE-2026-28277

LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB (both sync and async, via aiosqlite). In version 1.0.9 and prior, LangGraph checkpointers can load msgpack-encoded checkpoints that reconstruct Python objects during deserialization. If an attacker can...

CVSS 7.2, EPSS 0.00332
Exploits: 0, References: 1

PyPA
added 2026/03/05 8:16 p.m., 5 views

PYSEC-2026-83

LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB (both sync and async, via aiosqlite). In version 1.0.9 and prior, LangGraph checkpointers can load msgpack-encoded checkpoints that reconstruct Python objects during deserialization. If an attacker can...

CVSS 7.2, AI score 5.8, EPSS 0.00332
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2026/03/05 7:10 p.m., 25 views

CVE-2026-28277 LangGraph: Unsafe msgpack deserialization in LangGraph checkpoint loading

LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB (both sync and async, via aiosqlite). In version 1.0.9 and prior, LangGraph checkpointers can load msgpack-encoded checkpoints that reconstruct Python objects during deserialization. If an attacker can...

CVSS 6.8, EPSS 0.00332
Exploits: 0, References: 1

CVE
added 2026/03/05 7:10 p.m., 5 views

CVE-2026-28277

LangGraph: Checkpoint loading vulnerable to unsafe msgpack deserialization in LangGraph SQLite Checkpoint (version

CVSS 7.2, AI score 5.9, EPSS 0.00332
Exploits: 0, References: 1, Affected Software: 1

OSV
added 2026/03/05 7:10 p.m., 2 views

CVE-2026-28277 LangGraph: Unsafe msgpack deserialization in LangGraph checkpoint loading

LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB (both sync and async, via aiosqlite). In version 1.0.9 and prior, LangGraph checkpointers can load msgpack-encoded checkpoints that reconstruct Python objects during deserialization. If an attacker can...

CVSS 6.8, AI score 5.8, EPSS 0.00332
Exploits: 0, References: 3

SUSE CVE
added 2026/03/04 12:26 a.m., 0 views

SUSE CVE-2026-25899

Fiber is an Express inspired web framework written in Go. In versions on the v3 branch prior to 3.1.0, the use of the fiberflash cookie can force an unbounded allocation on any server. A crafted 10-character cookie value triggers an attempt to allocate up to 85GB of memory via unvalidated msgpack...

CVSS 7.5, AI score 5.8, EPSS 0.00132
Exploits: 1, References: 3

RedhatCVE
added 2026/02/25 8:17 p.m., 3 views

CVE-2026-27794

A flaw was found in LangGraph Checkpoint. This vulnerability allows a remote attacker with write access to the cache backend to achieve remote code execution. This occurs when applications enable cache backends that inherit from BaseCache and opt nodes into caching via CachePolicy. If msgpack...

CVSS 6.6, AI score 6.5, EPSS 0.00366
Exploits: 0, References: 7

CNNVD
added 2026/02/25 12:0 a.m., 3 views

langgraph code issue vulnerability

Langgraph is a large-scale model framework developed by LangChain. Versions of Langgraph prior to 4.0.0 had code-related vulnerabilities. These vulnerabilities stemmed from the caching layer’s ability to deserialize cached values using pickle.loads when msgpack serialization fails, potentially...

CVSS 6.6, AI score 7.6, EPSS 0.00366
Exploits: 0, References: 4

ATTACKERKB
added 2026/02/24 9:11 p.m., 2 views

CVE-2026-25899

Fiber is an Express inspired web framework written in Go. In versions on the v3 branch prior to 3.1.0, the use of the fiberflash cookie can force an unbounded allocation on any server. A crafted 10-character cookie value triggers an attempt to allocate up to 85GB of memory via unvalidated msgpack...

CVSS 7.5, AI score 5.8, EPSS 0.00132
Exploits: 1, References: 3, Affected Software: 1

OSV
added 2026/02/24 8:57 p.m., 4 views

GHSA-2MR3-M5Q5-WGP6 Fiber is Vulnerable to Denial of Service via Flash Cookie Unbounded Allocation

Summary: The use of the fiberflash cookie can force an unbounded allocation on any server. A crafted 10-character cookie value triggers an attempt to allocate up to 85GB of memory via unvalidated msgpack deserialization. No authentication is required. Every GoFiber v3 endpoint is affected regardle...

CVSS 7.5, AI score 5.9, EPSS 0.00132
Exploits: 1, References: 5

Snyk
added 2026/02/24 8:57 p.m., 1 view

Memory Allocation with Excessive Size Value

Overview: github.com/gofiber/fiber/v3 is an Express inspired web framework written in Go. Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value via the parseAndClearFlashMessages function. An attacker can cause excessive memory allocation by sending a...

CVSS 8.7, AI score 6, EPSS 0.00132
Exploits: 1, References: 2